Tag Archive for Mac

| May 29, 2014
Comments Off on 70s Glitch Could Hit Every Computer On Earth

70s Glitch Could Hit Every Computer On Earth

70s Glitch Could Hit Every Computer On The PlanetRebecca Borison at the BusinessInsider asks who remembers the 1999 panic about the Y2K crisis. In 1999, Y2K looked as if it might derail modern life when computers because the glitch would reset computers to Jan 1. 1900, rather than Jan. 1, 2000, because computers only used two digits to represent a year in their internal clocks.

déjà vu all over againNow it déjà vu all over again, BI reports there’s a new, even bigger global software coding fiasco looming.  A huge amount of computer software could fail around the year 2038 because of issues with the way the code that runs them measures time.

Once again, just like with Y2K every single piece of software and computer code on the planet must now be checked and updated again. That is not a trivial task according to the author. In 2000, we bypassed the Y2K problem by recoding the software explains Ms. Borison. All the software — a fantastically laborious retrospective global software patch.

Disruption to the tech industry

Y2K problemAlthough Y2K was not a disaster, it was a massive disruption to the tech industry at the time. Virtually every company on the planet running any type of software had to find their specific Y2K issue and hire someone to fix it. Ultimately, Y2K caused ordinary people very few problems — but that’s only because there was a huge expenditure of time and resources within the tech business.

The 2038 problem will affect software that uses what’s called a signed 32-bit integer for storing time. The problem arises because 32-bit software can only measure a maximum value of 2,147,483,647 seconds. This is the biggest number you can represent using a 32-bit system.

time is represented as a signed 32-bit integerWhen a bunch of engineers developed the first UNIX computer operating system in the 1970s, they arbitrarily decided that time would be represented as a signed 32-bit integer (or number), and be measured as the number of milliseconds since 12:00:00 a.m. on January 1, 1970.

Glitch says it’s 1970 again

On January 19, 2038 — 2,147,483,647 seconds after January 1, 1970 — these computer programs will exceed the maximum value of time expressible by a 32-bit system using a base 2 binary counting system, and any software that hasn’t been fixed will then wrap back around to zero, thinking that it’s 1970 again.

UNIX time coding has since been incorporated widely into any software or hardware system that needs to measure time.

BI spoke with Jonathan Smith, a Computer and Information Science professor at the University of Pennsylvania for confirmation. The professor confirmed the Year 2038 is a real problem that will affect a specific subset of software that counts on a clock progressing positively. He elaborated:

Most UNIX-based systems use a 32-bit clock that starts at the arbitrary date of 1/1/1970, so adding 68 years gives you a risk of overflow at 2038 … Timers could stop working, scheduled reminders might not occur (e.g., calendar appointments), scheduled updates or backups might not occur, billing intervals might not be calculated correctly

The article concludes that we all need just to switch to higher bit values like 64 bits, which will give a higher maximum. In the last few years, more personal computers have made this shift, especially companies that have already needed to project time past 2038, like banks that need to deal with 30-year mortgages.

64 bitsApple (AAPL) claims that the iPhone 5S is the first 64-bit smartphone. But the 2038 problem applies to both hardware and software, so even if the 5S uses 64 bits, an alarm clock app on the phone needs to be updated as well. (If it’s using a 32-bit system in 2038 it will wake you up in 1970, so to speak.) So the issue is more of a logistical problem than a technical one.

HowStuffWorks reports that some platforms have different dooms-days.

  • IBM (IBM) PC hardware suffers from the Year 2116 problem. For a PC the beginning of time starts at January 1, 1980, and increments by seconds in an unsigned 32-bit integer in a way like UNIX time. By 2116, the integer overflows.
  • Hardware and softwareMicrosoft (MSFT) Windows NT uses a 64-bit integer to track time. However, it uses 100 nanoseconds as its increment and the beginning of time is January 1, 1601, so NT suffers from the Year 2184 problem.
  • On this page, Apple states that the Mac is okay out to the year 29,940!

rb-

The tech industry’s response to Y2K suggests that they will mostly ignore the 2038 issue until the very last minute when it becomes to ignore.  Another example of the pace of global software updates is that a majority of ATM cash machines were still running Windows XP, and thus vulnerable to hackers even though Microsoft discontinued the product in 2007.

Dont worryFortunately, the 2038 problem is somewhat easier to fix than the Y2K problem. Well-written programs can simply be recompiled with a new version of the C-library that uses 8-byte values for the storage format. This is possible because the C-library encapsulates the whole time activity with its own time types and functions (unlike most mainframe programs, which did not standardize their date formats or calculations). So the Year 2038 problem should not be nearly as hard to fix as the Y2K problem was.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
| August 28, 2012
One comment

A History of Mac Malware: Part 1

A History of Mac Malware: Part 1Graham Cluley at Sophos recently wrote an excellent history of Apple Macintosh malware. He points out that Mac malware is a subject that raises strong emotions. There are some who believe that the problem is over-hyped and others who believe that the malware problem on Macs is underestimated by the Apple-loving community. The author writes that hopefully, this short history will go some way to present the facts and encourage sensible debate. (rb- We have just taken on a new customer which is 85% Mac and 15% PC. I have had this very conversation with my Apple certified tech who does the field support.)

Click here for part two of this series. Click here to read my recent series commemorating the 25th anniversary of the computer virus.

Apple II1982 – Apple II – The first virus to affect Apple computers wasn’t written for the Macintosh (the original Mac did appear until 1984). 15-year-old student Rich Skrenta wrote the Elk Cloner virus, capable of infecting the boot sector of Apple II computers. On every 50th boot the Elk Cloner virus would display a short poem:

It will get on all your disks
It will infiltrate your chips
Yes, it’s Cloner!

It will stick to you like glue
It will modify RAM too
Send in the Cloner!

The blog says many Apple fans are surprised that the Elk Cloner boot sector virus predates IBM (IBM) PC viruses by some years. (I got my first paying tech job using an Apple II and PFS:File to build a database).

1987 – Macintosh – The nVIR virus began to infect Apple Macintosh computers, spreading its malware mainly by floppy disk. It was a similar story to what was happening in the world of MS-DOS malware, where viruses would typically travel from computer to computer by users sharing floppy disks.

Source code for nVIR was later made available, causing a rash of variants for the Mac platform. The author writes that the first anti-virus products for Mac, some free, some commercial, began to emerge in response th this malware. (In my first tech support Job, I got very familiar with the Mac 30/SE, since there was a computer lab full of them with a SCSI chain from the Mac to an external hard drive to a scanner. They also printed to a LaserWriter 2 with AppleTalk and Phonenet. I still have a bag of terminators.)

Mac 30/SE1988 – HyperCard – Running on early versions of Apple’s Mac OS, one HyperCard virus displayed a message about Michael Dukakis’s US presidential bid before self-destructing:

Greetings from the HyperAvenger! I am the first HyperCard virus ever. I was created by a mischievous 14-year-old, and am completely harmless. Dukakis for preseident (sic) in ’88. Peace on earth and have a nice day

1990 – The MDEF virus (aka Garfield) emerged, spreading malware on application and system files on the Mac.

1991 – HC (also known as Two Tunes or Three Tunes) was a HyperCard virus discovered in Holland and Belgium in March 1991. The writes that on German language versions of the operating system it would play German folk tunes and display messages such as “Hey, what are you doing?” and “Don’t panic.”

Microsoft Office1995 – Concept Macro Virus – Microsoft (MSFT) accidentally shipped the first-ever Word macro virus, Concept, on CD-ROM. It infected both Macs and PCs running Microsoft Word. Concept was not written with malicious intent but thousands of macro viruses were to follow, many also affecting Microsoft Office for Mac. Word macro viruses turned the world of Mac *and* Windows malware on its head overnight according to Sophos.

Macro viruses are written in an easy-to-understand macro language that Microsoft included in its Office programs making it. The blog says the macro language made it child’s play to create new malware variants. Most people at the time considered documents to be non-dangerous and were happy to receive them without thinking about the security risks. Just opening a Word .DOC file could infect your computer because the macro virus’s code was embedded within.

1996 – Laroux  Excel macro virus – The Laroux virus did not affect Mac users until Microsoft released Excel 98 for Mac and then Apple users could also become victims.

QuickTime logo1998 – Hong Kong introduced the next significant Mac malware outbreak the blog says.  It was first spotted in the wild in Hong Kong. The worm – dubbed AutoStart 9805 – spread rapidly in the desktop publishing community via removable media, using the CD-ROM AutoPlay feature of QuickTime 2.5+. (rb- An AutoPlay issue – whoda thunkit?). In the same year, Sevendust, also known as 666, infected applications on Apple Mac computers.

After 1988 Mr. Cluely writes that big changes to the Mac malware scene were just around the corner. The release of Mac OS X, a whole new operating system which would mean that much of the old malware would no longer be capable of running. Mac-specific malware would have to be written with a new OS in mind.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| December 19, 2011
One comment

McAfee’s 12 Scams of Christmas

McAfee's 12 Scams of ChristmasBefore logging on from a PC, Mac, or mobile device for the last-minute holiday online shopping madness, consumers should look out for these 12 Scams of Christmas identified by anti-malware firm McAfee:

1. Mobile Malware—A National Retail Federation (NRF) survey found that 52.6% of U.S. consumers who own a smartphone will use it for holiday shopping. Malware targeting mobile devices is rising, and Google’s (GOOG) Android smartphones are most at risk. McAfee cites a 76% increase in Android malware in the second quarter of 2011, making it the most targeted smartphone platform.

Malicious Mobile ApplicationsNew malware has recently been found that targets QR codes, a digital bar code that consumers might scan with their smartphone to find good deals or to learn about products they want to buy.

2. Malicious Mobile Applications—These are mobile apps designed to steal information from smartphones or send expensive text messages without a user’s consent. Dangerous apps are usually offered for free and masquerade as fun applications, such as games. Last year, 4.6 million Android smartphone users downloaded a wallpaper app that collected and transmitted user data to a site in China.

Facebook3. Phony Facebook Promotions and Contests—Who doesn’t want free stuff? Unfortunately, cyber scammers know that “free” things are attractive lures, and they have sprinkled Facebook with phony promotions and contests to gather personal information. A recent scam advertised two free airline tickets but required participants to complete multiple surveys requesting personal information.

4. Scareware, or Fake Antivirus software—Scareware is fake antivirus software that tricks people into believing that their computer is at risk or already infected, so they agree to download and pay for phony software. This is one of the most common and dangerous Internet threats today, victimizing one million victims each day. In 2010, McAfee reported that scareware represented 23% of all dangerous Internet links, which has been resurgent recently.

5. Holiday Screen savers—Bringing holiday cheer to your home or work PC sounds like a fun idea to get into the holiday spirit, but be careful. A recent search for a Santa screen saver that promises to let you “fly with Santa in 3D” was malicious. Holiday-themed ringtones and e-cards have also been known to be malicious.

Mac Malware6. Mac Malware – Until recently, Mac users felt insulated from online security threats since most were targeted at PCs. However, with the growing popularity of Apple (AAPL) products, cybercriminals have designed a new wave of malware directed squarely at Mac users. According to McAfee Labs, as of late 2010, there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10 percent each month.

7. Holiday Phishing Scams—Phishing is tricking consumers into revealing information or performing actions they wouldn’t normally do online using phony emails or social media posts. Cyber scammers know that most people are busy around the holidays, so they tailor their emails and social messages with holiday themes to trick recipients into revealing personal information.

  • This is a fake notice from UPS (UPS) saying you have a package and need to complete an attached form. The form asks for personal or financial details to complete the delivery, and it sends that information straight into the hands of cyber scammers.
  • Banking phishing scams continue to be popular, and the holiday season means consumers will spend more money and check bank balances more often. From July to September of this year, McAfee Labs identified about 2,700 phishing URLs per day.
  • Smishing –SMS phishing remains a concern. Scammers send fake messages via text alert to a phone, notifying an unsuspecting consumer that his bank account has been compromised. The cybercriminals then direct the consumer to call a phone number to get it reactivated and collect the user’s personal information, including his Social Security number, address, and account details.

Online Coupon Scams8. Online Coupon Scams—An estimated 63 percent of shoppers search for coupons when they buy something online. October 2011 NRF data shows that 17.3 percent of smartphone users and 21.5 percent of tablet consumers use mobile devices to redeem those coupons. But watch out because scammers know that offering an irresistible online coupon can get people to hand over some of their personal information.

9. Mystery Shopper Scams—Mystery shoppers are hired to shop in a store and report back on the customer service. Scammers use this fun job to lure people into revealing personal and financial information. There have been reports of scammers sending text messages to victims, offering to pay them $50 an hour to be mystery shoppers and instructing them to call a number if they are interested. Once the victim calls, they are asked for personal information, including credit card and bank account numbers.

Scareware10. Hotel “Wrong Transaction” Malware Emails – Many people travel over the holidays, so it is no surprise that scammers have designed travel-related scams to get users to click on dangerous emails. In one example, a scammer sent out emails that appeared to be from a hotel, claiming that a “wrong transaction” had been discovered on the recipient’s credit card. It then asked them to fill out an attached refund form. Once opened, the attachment downloads malware onto their machine.

11. “It” Gift Scams—Hot holiday gifts sell out early in the season every year. Not only do sellers mark up the price of the must-have toy, but scammers also start advertising them on rogue websites and social networks, even if they don’t have them. So, consumers could wind up paying for an item and giving away credit card details only to receive nothing in return. Once the scammers have the personal financial information, there is little recourse.

12. “I’m away from home” Scammers – Posting information about a vacation on social networking sites could be dangerous. If someone is connected with people they don’t know on Facebook or other social networking sites, they could see their post and decide it may be a good time to rob them. Furthermore, a quick online search can quickly turn up their home address.

How to Protect Yourself

  • Only download mobile apps from official app stores, such as iTunes and the Android Market, and read user reviews before downloading them.
  • Be extra vigilant when reviewing and responding to emails.
  • Watch out for too-good-to-be-true offers on social networks. Never agree to share your personal information to take part in a promotion.
  • Don’t accept requests on social networks from anyone you don’t know in real life. Wait to post pictures and comments about your vacation until you’ve already returned home.
Related articles

Mobile Threats Top Holiday Scam List (pcworld.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| December 1, 2010
Comments Off on Huge MacOS Patch Sets Record

Huge MacOS Patch Sets Record

Huge MacOS Patch Sets RecordApple Computers (AAPL) recently released a mega update that addresses 134 vulnerabilities in MacOS X. The incremental update weighs in at 650 megabytes, which PCMagazine’s Larry Seltzer is quoted as describing as “possibly unprecedented proportions.”  According to the Washington Post‘s Rob Pegoraro, the actual download size varies depending on different machines, up to  977.2 megabytes.

Apple logogTony Bradley of PCWorld compared the Mac OS X update with Microsoft’s Patch Tuesday, and claims that “To surpass 134 vulnerabilities, you have to combine six months’ worth of Patch Tuesdays from June through November.” To be fair, the massive MacOS update includes 55 updates related to Adobe Flash. Vulnerability expert (and multi Pwn2Own winner) Charlie Miller is clearly not impressed. In a tweet sent late Wednesday, he wroteApple releases huge patch, still miss all my bugs. Makes you realize how many bugs are in their code (or they’re very unlucky).”

What is in the mega MacOS patch?

The mega MacOS update patches a handful of long outstanding vulnerabilities, one from 2008 and 7 from 2009. The update also includes fixes to common UNIX software such as X11, PHP, and OpenSSL. Apple included more than two dozen non-security issues, many of them stability or reliability problems.  The 10.6.5 upgrade also fixed a problem with some HP printers connected to wireless networks, added support for encrypted transfers of files to Apple’s online storage service, and improved the reliability of connections to Microsoft Exchange servers.

Mac users can read more about MacOS X v10.6.5 and Security Update 2010-007 here.

rb-
The consumerization of IT has hit my workplace with iPad’s and Macs working their way in as “special projects.” This latest patch from Apple shows the firm’s attention to security. Despite the fanboyz believes, the Mac isn’t more secure than Wintel. The simple fact is, breaking into Macs probably has not ranked very high on the to-do list of cyber-criminals given the smaller number of Mac users when compared with the number of machines running Windows. The second fact is that Apple is slow with security updates. The mega update addressed some MacOS problems that are over two years old.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,